Currently Unpatched Windows / Internet Explorer Vulnerabilities
Update: Microsoft now created its own version of this table:
------
Thanks to our reader Dan for getting this started. Here is a preliminary table on various Internet Explorer and Windows vulnerabilities that are as of yet unpatched.Let me know if I forgot one. I originally planned to include some of the older issues, but none of them appears to be as relevant/serious as the issues in this list.
CVE | Name | Release Date | Affected | Exploit and comments | Mitigation |
no CVE | Use after free error within "mshtml.dll" | Jan 5th 2011 | IE 7,8 | http://www.vupen.com/english/advisories/2011/0026 | |
CVE-2010-3970 | Graphics Rendering Engine | Jan 4th 2011 | Windows XP/VIsta (not: 7, 2008 R2) | Available |
Disable shimgvw.dll |
no CVE | WMI ActiveX Control | Dec 23rd 2010 | IE with WMI ActiveX Control installed |
See this Websense blog for details |
set killbit on affected ActiveX control |
CVE-2010-3971 | CSS Import Rule Processing Use-After-Free Vulnerability | Dec 14th 2010 | IE 6,7,8 | PoC available. Critical |
Enhanced Mitigation Experience Toolkit |
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
Diary Archives
Comments
http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx
Dave
Jan 6th 2011
1 decade ago
http://www.vupen.com/english/Unpatched-Microsoft-Vulnerabilities.php
reswob
Jan 6th 2011
1 decade ago